Challenge 28 ☆
Welcome to challenge 28. You need to guess the secret
that is hidden in Java, Docker, Kubernetes, Vault, AWS or GCP.
A user accidentally reveals the new AWS Secret key in conversation between him and his friend in a GitHub issue.
AWS Secret key
Can you spot the secret in our GitHub repository?
We are looking for the secret in a closed GitHub issue in our GitHub repository. But how do we find it?
closed GitHub issue
You can solve this challenge by the following steps:
When you land on the issues tab of our GitHub, click on the Closed option to get all the closed issues up to this day
Go through all the issues that seem fishy for you and you can spot the Secret.
Why storing secrets in closed GitHub issue is a bad idea?
You should never reveal any secret in a GitHub issue because even when the issue is closed all data is public and is very easy to spot.
So go through the issue twice before posting it on any repository.
You have finished all the doable challenges! Congratulations!
We hope you have enjoyed the ride! And have learned something about the pitfalls in secrets